When I trace the DNS lookup of google.com, for example, dig displays only the request to the root server and then goes straight to the 2nd level domain servers, skipping the top level domain. In other words, it goes from a.root-servers.net to ns1.google.com. As you can see in this picture.
What about the [a-h].gtld-servers.net TLD server that should have been in between? Why isn't it shown in the results?
The same thing happens for other hostnames, for example gaia.cs.umass.edu. It goes from the root server to ns[1-3].umass.edu. Where are all the .edu TLD servers like a.edu-servers.net?
Why not copy-paste the output into your question? Better to have all the information in context in the question. – Jose Quinteiro Dec 10 '20 at 17:55
1 Answers
These results make me wonder if there's something strange going on in your network, more so than suspecting that `dig` is doing something strange.
Do you have some form of transparent "proxying" going on? I.e., is a query to `199.7.91.13` (one of the root servers, as seen in one of your examples) actually sent to that address or redirected somewhere else (some local recursor, maybe)?
One hypothesis would be that all DNS traffic is sent to a recursor, which would show in the full output (you wouldn't get authoritative responses... i.e., no `aa` flag).
To continue with the trace idea, you could run e.g.:
`dig +trace +all example.com`
This will have the full output for each step. Look at the details of the responses: is the response from the root server (as per `SERVER: ...` at the bottom of each response) actually an authoritative response?
Queries like these could also help expose if something strange is going on. Compare to what the real `199.7.91.13` responds (do note that it's not a single server so the responses are not necessarily consistent, but it gives you a good idea what to expect), as observed from a known good Internet connection:
`dig @199.7.91.13 version.bind CH TXT +norec`
(Might respond with a software + version string)
`dig @199.7.91.13 hostname.bind CH TXT +norec`
(Might respond with a hostname)
`dig @199.7.91.13 id.server CH TXT +norec`
(Might respond with a server identifier)

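The header checks suggested in the answer can be scripted. The following is an added example, not code from the answer or from dig itself: it inspects the text of a single response that claims to come from a root server and reports signs that a recursor answered instead. The function name, the sample responses and the idea of feeding it the saved output of a query such as `dig @199.7.91.13 example.com NS +norec` are assumptions made for illustration.

```python
import re

# Constructed dig-style responses (not real captures). Both claim to come from
# the root server address 199.7.91.13 in reply to a non-recursive query.
GENUINE = """\
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; AUTHORITY SECTION:
com.                172800  IN  NS  a.gtld-servers.net.
com.                172800  IN  NS  b.gtld-servers.net.

;; SERVER: 199.7.91.13#53(199.7.91.13)
"""
INTERCEPTED = """\
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; AUTHORITY SECTION:
example.com.        172800  IN  NS  ns1.example.com.
example.com.        172800  IN  NS  ns2.example.com.

;; SERVER: 199.7.91.13#53(199.7.91.13)
"""

def check_root_response(text):
    """Return findings for one response that claims to come from a root server."""
    header = re.search(r"^;; flags:([^;]*);.*ANSWER: (\d+)", text, re.M)
    if not header:
        return ["no ';; flags:' header line found"]
    flags, answers = header.group(1).split(), int(header.group(2))
    findings = []
    if "ra" in flags:  # root servers do not offer recursion
        findings.append("ra flag set: a recursor answered, not a root server")
    if answers and "aa" not in flags:  # data served from a cache
        findings.append("non-authoritative answer from a supposed root server")
    # A referral (no answer, no aa) from the root zone delegates a TLD, so the
    # owner names in its authority section have exactly one label.
    auth = re.search(r"^;; AUTHORITY SECTION:\n((?:[^;\n].*\n)+)", text, re.M)
    if auth and not answers and "aa" not in flags:
        owners = {line.split()[0] for line in auth.group(1).splitlines()}
        deep = sorted(o for o in owners if o.rstrip(".").count(".") >= 1)
        if deep:
            findings.append("referral skips the TLD: " + ", ".join(deep))
    return findings

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("intercepted", INTERCEPTED)):
        print(name, check_root_response(sample) or "looks like a root referral")
```
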